| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter. |
| PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter. |
| TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys. |
| Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers. |
| Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors. |
| Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities. |
| Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS). |
| Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message. |
| Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive. |
| Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications. |
| Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password. |
| Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks. |
| MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message. |
| Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id parameter to issue.php. |
| Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks. |
| Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing. |
| Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe. |
| Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers to execute arbitrary code via unknown vectors in a document that triggers the overflow when it is distilled to PDF. |
| Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel. |
| securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter. |
